All geek questions in one place

Rails 4 strong parameters

It seems ridiculous how Rails 4 deals with strong parameters:

def UsersController < ActionController::Base def update @user = current_user if @user.update_attributes(user_profile_parameters) redirect_to home_path, notice: "Your profile has been successfully updated." else render action: "edit" end end private def user_profile_parameters params.require(:user).permit(:name, :password, :password_confirmation, :email) end end

Interestingly, is this not possible in Rails 3? Yes, instead of a single line, it may take 3 lines. But there is nothing new, this is just a manually created list of allowed parameters, in fact it is just a hash, isnโ€™t it? Or are there even deeper goals?

+4
source share
3 answers

I assume that it existed in a way (way earlier) before releasing rails 4 as a separate stone https://github.com/rails/strong_parameters

rails 4 by default, if you want to use it with rails 3, just get the gem in your gemfile and go :).

on the github link for the gem, they also wrote amazing documentation on how to use it, so I think you shouldn't have any problems using it.

And, of course, there is nothing new in it, you can do this filtering manually by writing your own filters, and everything can get a little confused with deeply nested hashes and an array inside the hashes and if the keys of the hashes are dynamically created (not fixed)

โ€œYes, instead of a single line, it will take 3 lines,โ€ and this is what most gems do, and we use them instead of reinventing the wheel and just concentrating on our business logic.

+10
source

From the official blog

We are exploring a new way to deal with mass assignment in Rails. Or, in fact, this is not a completely new way, it is rather an extraction of established practice with some vinegar mixed with when you forget.

This new approach is to extract the slice template, and we call the plugin strong_parameters for it (already available as a gem). The basic idea is to move the mass assignment protection from the model and to the controller where it belongs.

The entire task of the controller is to control the flow between the user and the application, including authentication, authorization, and as part of this access control. We never had to put mass protection in the model, and many people stopped doing this with the transition to the slice or variation pattern. It is time to extract this sample and bring it to people.

To use it in Rails 3, you can use strong gem options and follow the instructions there.

+7
source

Interestingly, is this not possible in Rails 3?

Yes, you can use this stone to use strong parameters in rails 3.

it's just a hash, isn't it?

Yes, parameters are just a hash.

Or is there a deeper purpose in it?

I think that you get what we have to write more code to do the same. It may seem like this if you are doing the basic work, but things get complicated when you start setting up authorization and making things a little more dynamic.

One problem is that attr_accessible not very flexible. Strong options fix this. I believe that strong options are a way to make you more conscious and give you more control over your data. A way to provide you with documentation of the data by which records are created.

Make sense?

+3
source

Source: https://habr.com/ru/post/1495442/

More articles:


All Articles